Shared posts

02 Jun 23:14

Chrome to Block Battery-Sucking Ads in August Update

by MacRumors

Chrome plans to start blocking resource-heavy ads that drain a lot of battery in August, Google announced today on its Chromium blog (via VentureBeat). Chrome will block ads that mine cryptocurrency, are badly programmed, or are unoptimized for network usage.

We have recently discovered that a fraction of a percent of ads consume a disproportionate share of device resources, such as battery and network data, without the user knowing about it. These ads (such as those that mine cryptocurrency, are poorly programmed, or are unoptimized for network usage) can drain battery life, saturate already strained networks, and cost money.

In order to save our users’ batteries and data plans, and provide them with a good experience on the web, Chrome will limit the resources a display ad can use before the user interacts with the ad. When an ad reaches its limit, the ad’s frame will navigate to an error page, informing the user that the ad has used too many resources.

Chrome plans to limit the resources that an ad can use before the user interacts with the ad, and when that limit is hit, the ad’s frame will redirect to an error page to let the user know that the ad has eaten up too many resources.

Google says that it extensively measured the ads in Chrome, targeting the most “egregious” ads that use more CPU or bandwidth than 99.9 percent of all detected ads for that resource.

Chrome will have thresholds that allow for 4MB of network data or 15 seconds of CPU usage in any 30 second period, or 60 seconds of total CPU usage before an ad is blocked. Just 0.3 percent of ads exceed this threshold, but today, account for 27 percent of network data used by ads and 28 percent of all ad CPU usage.

Google will experiment with the changes for the next several months with the intention of releasing the feature on Chrome stable towards the end of August.
This article, “Chrome to Block Battery-Sucking Ads in August Update” first appeared on MacRumors.com


The post Chrome to Block Battery-Sucking Ads in August Update appeared first on AIVAnet.
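The three limits quoted above can be applied to a per-second usage trace of one ad frame. This is an added example, not Chrome's implementation and not code from the article; the sample format, the function names and the reading of "4MB" as 4 MiB are assumptions.

```javascript
// Added illustration of the thresholds quoted in the article; not Chrome's code.
const LIMITS = {
  networkBytes: 4 * 1024 * 1024, // "4MB of network data" (assumed to mean 4 MiB)
  windowCpuMs: 15000,            // 15 seconds of CPU usage ...
  windowSeconds: 30,             // ... in any 30 second period
  totalCpuMs: 60000,             // 60 seconds of total CPU usage
};

// samples[t] describes second t of an ad frame's life (hypothetical format):
//   { cpuMs: CPU time used in that second, bytes: network bytes loaded,
//     interacted: true once the user has interacted with the ad }
function evaluateAdFrame(samples, limits = LIMITS) {
  let totalCpuMs = 0;
  let totalBytes = 0;
  let windowCpuMs = 0; // CPU used in the most recent `windowSeconds` samples
  for (let t = 0; t < samples.length; t++) {
    const s = samples[t];
    // The limits only apply before the user interacts with the ad.
    if (s.interacted) return { blocked: false, reason: 'user-interaction', second: t };
    totalCpuMs += s.cpuMs;
    totalBytes += s.bytes;
    windowCpuMs += s.cpuMs;
    // Slide the window: drop the sample that just fell out of the last 30 s.
    if (t >= limits.windowSeconds) windowCpuMs -= samples[t - limits.windowSeconds].cpuMs;
    if (totalBytes > limits.networkBytes) return { blocked: true, reason: 'network', second: t };
    if (windowCpuMs > limits.windowCpuMs) return { blocked: true, reason: 'peak-cpu', second: t };
    if (totalCpuMs > limits.totalCpuMs) return { blocked: true, reason: 'total-cpu', second: t };
  }
  return { blocked: false, reason: 'within-limits', second: null };
}

// Constructed traces: a steady load of `cpuMs` and `bytes` per second.
function constantLoad(seconds, cpuMs, bytes) {
  return Array.from({ length: seconds }, () => ({ cpuMs, bytes, interacted: false }));
}

const SAMPLE_ADS = {
  miner: constantLoad(120, 1000, 10000),        // pins one core, little traffic
  slowBurner: constantLoad(200, 400, 5000),     // never peaks, but never stops
  heavyVideo: constantLoad(60, 50, 512 * 1024), // unoptimized media download
  banner: constantLoad(120, 20, 20000),         // ordinary display ad
};

function classifySamples() {
  const verdicts = {};
  for (const [name, trace] of Object.entries(SAMPLE_ADS)) {
    verdicts[name] = evaluateAdFrame(trace);
  }
  return verdicts;
}
```

A constant 40% CPU load never trips the 30-second window and is only caught by the 60-second total, which is why both CPU limits are needed.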

02 Jun 09:53

Password Changing After a Breach

by Bruce Schneier

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password.

Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in place to mitigate harm. In order to make recommendations to companies about how to help their users perform these and other security-enhancing actions after breaches, we must first have some understanding of the current effectiveness of companies' post-breach practices. To study the effectiveness of password-related breach notifications and practices enforced after a breach, we examine -- based on real-world password data from 249 participants -- whether and how constructively participants changed their passwords after a breach announcement.

Of the 249 participants, 63 had accounts on breached domains; only 33% of the 63 changed their passwords and only 13% (of 63) did so within three months of the announcement. New passwords were on average 1.3× stronger than old passwords (when comparing log10-transformed strength), though most were weaker or of equal strength. Concerningly, new passwords were overall more similar to participants' other passwords, and participants rarely changed passwords on other sites even when these were the same or similar to their password on the breached domain. Our results highlight the need for more rigorous password-changing requirements following a breach and more effective breach notifications that deliver comprehensive advice.

News article.

EDITED TO ADD (6/2): Another news article. Slashdot thread.

31 May 13:16

Sharing Makes You Stronger

by Richard Millington

I love this post by Ben at The Overflow.

“After interviewing several developers, a pattern started to become clear: great developers share a lot. This takes different forms for different people but is very often a blog. “So what?” you might say, you would expect successful people—“thought leaders”—to use their position and platform to share their own ideas and projects. But the interesting thing is that for many top developers, their sharing mindset came before their success, and was the direct cause of it, not the result of it.”

Ben shares two powerful thoughts:

1) The most successful people give more than they take.

2) Sharing makes you stronger.

If you’re looking for two emotive messages to encourage more contributions from top members; I’d try these.

23 Apr 22:07

Dietary supplements an important weapon for fighting off COVID-19

Supplements containing vitamins C and D and other micronutrients, sometimes in amounts exceeding the federally recommended levels, are a safe, effective and low-cost means of helping your immune system fight off COVID-19 and other acute respiratory tract diseases.
20 Apr 22:09

Find out if your ISP implements BGP safely

by Martin Brinkmann
Maxim Bange

XS4ALL is fine

Cloudflare recently launched Is BGP safe yet, a site that gives Internet users a test to find out whether their Internet Service Provider (ISP) has implemented a certification system to make BGP safer to use.

All it takes is to open the website and click on the "test your ISP" button to run a quick test that determines whether the ISP has implemented the certification system RPKI.


Border Gateway Protocol (BGP) is a core Internet protocol that is used to determine the route that data takes on the Internet. One of the issues associated with the protocol is that the possibility of hijacking exists. A basic example would be that traffic from a user in the United States would go through servers in Asia to access the New York Times website.

While that is usually caused by server misconfigurations, it is sometimes used on purpose to redirect traffic for malicious or privacy-invading purposes, e.g. to record data.

Cloudflare's test checks if the ISP has implemented Resource Public Key Infrastructure (RPKI) by announcing a legitimate route but making sure the announcement is invalid. If the site is loaded, the invalid route was accepted by the ISP, which in turn means that the ISP has not implemented RPKI.

Only a few ISPs, transit or cloud companies have implemented the security feature already. Cloudflare lists Telia and NTT on the test page, and several more, e.g. Amazon, AT&T or Cogent, that have started the implementation or implemented it partially already.

Internet users cannot really do much about it other than share the results of the test on Twitter (implemented on the test site) or elsewhere. An email, letter, or message to the ISP in question might also help get the ball rolling. Those who use different ISPs, e.g. one for the Internet connection at home and another for mobile, may find that one provider supports the safer standard already while another does not.

Now You: Has your ISP implemented RPKI already?

The post Find out if your ISP implements BGP safely appeared first on gHacks Technology News.
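What "invalid" means in the test described above can be shown with route origin validation as defined in RFC 6811: an announcement is checked against the signed (prefix, maximum length, origin AS) records published through RPKI. This is an added example, not Cloudflare's code and not from the article; it handles IPv4 only, and the prefixes and AS numbers are documentation values used as constructed data.

```javascript
// Added illustration of RPKI route origin validation (RFC 6811), IPv4 only.
function parsePrefix(cidr) {
  const [addr, lenStr] = cidr.split('/');
  const octets = addr.split('.').map(Number);
  const len = Number(lenStr);
  const badOctet = (o) => !Number.isInteger(o) || o < 0 || o > 255;
  if (octets.length !== 4 || octets.some(badOctet) ||
      !Number.isInteger(len) || len < 0 || len > 32) {
    throw new Error(`bad IPv4 prefix: ${cidr}`);
  }
  const value = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  return { value, len };
}

// Netmask for a prefix length; a shift by 32 is a no-op in JavaScript,
// so /0 is handled separately.
function mask(len) {
  return len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
}

// A validated ROA payload (VRP) covers a route when the route's prefix
// lies inside the VRP's prefix.
function covers(vrpPrefix, route) {
  const m = mask(vrpPrefix.len);
  return vrpPrefix.len <= route.len &&
    ((route.value & m) >>> 0) === ((vrpPrefix.value & m) >>> 0);
}

// Returns 'valid', 'invalid' or 'not-found' for an announcement.
function validateOrigin(cidr, originAsn, vrps) {
  const route = parsePrefix(cidr);
  let covered = false;
  for (const vrp of vrps) {
    if (!covers(parsePrefix(vrp.prefix), route)) continue;
    covered = true;
    // AS 0 in a ROA means "nobody may originate this prefix".
    if (vrp.asn !== 0 && vrp.asn === originAsn && route.len <= vrp.maxLength) {
      return 'valid';
    }
  }
  // Covered by at least one VRP but matched by none: wrong origin or too specific.
  return covered ? 'invalid' : 'not-found';
}

// An ISP that enforces origin validation drops only 'invalid' routes;
// 'not-found' routes (no ROA published yet) are still accepted.
function acceptsRoute(state, enforcesValidation) {
  return !(enforcesValidation && state === 'invalid');
}

// Constructed VRPs using documentation prefixes and AS numbers.
const CONSTRUCTED_VRPS = [
  { prefix: '192.0.2.0/24', maxLength: 24, asn: 64496 },
  { prefix: '198.51.100.0/24', maxLength: 24, asn: 64497 },
];

function classifyExamples() {
  return {
    legitimate: validateOrigin('192.0.2.0/24', 64496, CONSTRUCTED_VRPS),
    wrongOrigin: validateOrigin('192.0.2.0/24', 64511, CONSTRUCTED_VRPS),
    tooSpecific: validateOrigin('198.51.100.128/25', 64497, CONSTRUCTED_VRPS),
    unsigned: validateOrigin('203.0.113.0/24', 64500, CONSTRUCTED_VRPS),
  };
}
```

A network that does not validate accepts the `wrongOrigin` and `tooSpecific` announcements like any other route, which is the situation the test site detects when its page loads.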

12 Apr 20:12

Joey Bishop

"Today you can go to a gas station and find the cash register open and the toilets locked. They must think toilet paper is worth more than money."
08 Apr 18:49

How Secure is Video Conferencing App Zoom?

by Russell Smith

There’s been a lot written in the press recently about video conferencing app Zoom. The coverage ranges from claims that it is malware to more detailed analysis of its security, or lack of security in most cases. The app has seen a large increase in use over the past weeks as the worldwide coronavirus pandemic has forced many to work from home. VentureBeat reported early in April that daily active users rose from 10 million to more than 200 million in just three months.

Many news outlets have reported on Zoom’s security failings, with the Guardian going as far as to say that the software was ‘malware’. The article describes issues such as Zoom-bombing, where hackers interrupt online meetings. And it goes on to say that despite Zoom’s initial claims, calls are not secured with end-to-end encryption, which would ensure that they can only be decrypted by participating users.

MacOS Zoom vulnerabilities

MacOS has been particularly affected by Zoom’s security woes. Ex NSA hacker Patrick Wardle revealed two zero-days at the end of March. The first can be used by a local attacker to get access to the root account in MacOS. The second involves code injection to get access to the microphone and webcam without alerting the user.

But while Zoom is currently in the spotlight, this isn’t the first time the app has come under scrutiny. Last year, Zoom was found to be silently installing a hidden webserver on MacOS so users could be added to calls without their permission. And at the end of March, Zoom plugged a well-publicized problem in its iOS app that was sending analytics data to Facebook.

A closer look at Zoom security

The University of Toronto’s Citizen Lab has posted a more detailed look at how Zoom calls are secured. While Zoom doesn’t employ end-to-end encryption, it does encrypt data in transit. Zoom’s documentation claims that it uses Transport Layer Security (TLS) version 1.2. But Citizen Lab was unable to confirm that. Furthermore, Zoom apparently uses its own encryption method in a modified version of the Real-Time Transport Protocol (RTP), which is used for streaming audio and video.

How Secure is Video Conferencing App Zoom? (Image Credit: Citizen Lab)

 

A single AES-128 key is used by all call participants to encrypt and decrypt video and audio streams. But the mode of operation is Electronic Codebook (ECB), which leaves patterns in the input, potentially allowing an attacker to obtain the contents of a call, albeit in poor quality.

The AES-128 key used for a call can be used to decrypt Zoom packets if they are intercepted. The keys are likely generated by Zoom servers and are sometimes delivered to call participants using servers located in China, regardless of where the call participants are located. Citizen Lab did, however, also find 68 servers located in the U.S. that appear to run the same software as the servers in China.

While Zoom is registered in the U.S., Citizen Lab says that it appears to own three companies in China that employ around 700 people to develop the software. That could leave users vulnerable if the Chinese government demanded the companies hand over encryption keys stored on servers in China.

Poorly implemented Zoom features

Hackers have been able to ‘Zoom-bomb’ meetings because the software allows participants to join using a simple URL containing a string of 9 to 10 numbers that can be easily guessed or generated. Citizen Lab also found an issue in the Waiting Room feature. Waiting Rooms are virtual spaces where participants wait until the host starts the meeting. Details of the vulnerability have not been released to give Zoom a chance to address the problem.

British government holds a cabinet meeting using Zoom (Image Credit: Citizen Lab)

Should I use Zoom?

As Citizen Lab points out, if you are using the platform to conduct meetings that might normally happen in a public space, then you might consider Zoom’s lax security to be a non-issue. If you do decide to use Zoom, you should avoid the Waiting Rooms feature and enable passwords for your meetings to help prevent Zoom-bombing.

If you need a platform with security that can reasonably provide strong privacy and confidentiality, then Zoom is not the solution for you. At least as it stands in its current form. Microsoft Teams doesn’t use end-to-end encryption either. But it was designed with security baked in from the get-go. And a lot depends on how much you trust Microsoft, or other solution provider, with the keys used to encrypt and decrypt communications.

You can find an overview of security and compliance in Teams on Microsoft’s website here. And you can see Zoom’s response to Citizen Lab’s research here.

 

 


The post How Secure is Video Conferencing App Zoom? appeared first on Petri.
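The ECB weakness described in the article can be made concrete by encrypting a repetitive buffer and comparing which 16-byte blocks repeat before and after encryption. This is an added example, not Zoom's or Citizen Lab's code; the sample frame is constructed, and AES-128-CTR with a random counter block stands in as one mode that does not preserve patterns.

```javascript
// Added illustration: ECB preserves block repetition, CTR does not.
const crypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes

// Constructed sample "frame": 64 blocks of flat background with an
// 8-block "object" in the middle.
function buildSampleFrame() {
  const background = Buffer.alloc(BLOCK, 0x20);
  const object = Buffer.alloc(BLOCK, 0xc8);
  const blocks = [];
  for (let i = 0; i < 64; i++) {
    blocks.push(i >= 28 && i < 36 ? object : background);
  }
  return Buffer.concat(blocks);
}

function encrypt(algorithm, key, iv, plaintext) {
  const cipher = crypto.createCipheriv(algorithm, key, iv);
  cipher.setAutoPadding(false); // input is already a whole number of blocks
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

// For every block, the index of the first block with identical bytes.
// Two buffers with equal patterns repeat in exactly the same places.
function repetitionPattern(buf) {
  const firstSeen = new Map();
  const pattern = [];
  for (let i = 0; i * BLOCK < buf.length; i++) {
    const hex = buf.subarray(i * BLOCK, (i + 1) * BLOCK).toString('hex');
    if (!firstSeen.has(hex)) firstSeen.set(hex, i);
    pattern.push(firstSeen.get(hex));
  }
  return pattern;
}

// Share of blocks that duplicate an earlier block. A high value in
// captured ciphertext is a simple indicator that ECB is in use.
function repeatedBlockRatio(buf) {
  const pattern = repetitionPattern(buf);
  const repeats = pattern.filter((first, i) => first !== i).length;
  return repeats / pattern.length;
}

function compareModes() {
  const key = crypto.randomBytes(16); // one AES-128 key for the whole "call"
  const frame = buildSampleFrame();
  const ecb = encrypt('aes-128-ecb', key, null, frame);
  const ctr = encrypt('aes-128-ctr', key, crypto.randomBytes(16), frame);
  return {
    plainPattern: repetitionPattern(frame),
    ecbPattern: repetitionPattern(ecb),
    ecbDiffersFromPlaintext: !ecb.equals(frame),
    ecbRatio: repeatedBlockRatio(ecb),
    ctrRatio: repeatedBlockRatio(ctr),
  };
}
```

The ECB ciphertext is unreadable block by block, yet the outline of the "object" sits at the same block positions as in the plaintext; that preserved layout is the pattern the article refers to.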

08 Apr 16:30

'Fake news' increases consumer demands for corporate action

New research finds that 'fake news' inspires consumers to demand corrective action from companies -- even if the company is a victim of the fake news story. The study also supports the idea that most people feel they are better at detecting fake news than other people are.
06 Apr 10:51

Photo



30 Mar 13:31

Privacy vs. Surveillance in the Age of COVID-19

by Bruce Schneier

The trade-offs are changing:

As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus -- even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global scale.

Yet ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later.

I think the effects of COVID-19 will be more drastic than the effects of the terrorist attacks of 9/11: not only with respect to surveillance, but across many aspects of our society. And while many things that would never be acceptable during normal time are reasonable things to do right now, we need to make sure we can ratchet them back once the current pandemic is over.

Cindy Cohn at EFF wrote:

We know that this virus requires us to take steps that would be unthinkable in normal times. Staying inside, limiting public gatherings, and cooperating with medically needed attempts to track the virus are, when approached properly, reasonable and responsible things to do. But we must be as vigilant as we are thoughtful. We must be sure that measures taken in the name of responding to COVID-19 are, in the language of international human rights law, "necessary and proportionate" to the needs of society in fighting the virus. Above all, we must make sure that these measures end and that the data collected for these purposes is not re-purposed for either governmental or commercial ends.

I worry that in our haste and fear, we will fail to do any of that.

More from EFF.

24 Mar 22:34

Corona news 24 March: final exams scrapped, highest death toll in a single day

What was in the news today about the coronavirus? An overview of the most important events.

The national final exams for secondary school students will not take place this year, Minister Slob has decided in consultation with education representatives. Schools will have to decide on the basis of the school exams whether students have passed or not. They have until early June to let students sit their school exams.

That means some can almost hang out the flag already, while for others it is still very tense:

Dutch supermarket chains and drugstores are limiting the number of customers in their stores with immediate effect. From now on, stores may have at most one customer per ten square metres inside, so that people can keep at least one and a half metres apart. A shopping trolley becomes mandatory.

What applies until 6 April, and what until 1 June?

Do the government's new measures now apply until 6 April or 1 June? There was a lot of confusion today, after the cabinet's press conference on Monday. The date of 1 June mainly applies to large events, a new government Q&A now shows. A new decision on other measures (closure of schools and hospitality venues, the ban on sports matches) will be taken around 6 April.

Whether schools or childcare can reopen will be decided on the basis of new research by the RIVM. A possible problem: that research started today and it will take at least another six weeks before there are results. The RIVM told Nieuwsuur this.

Enforcement officers have since today been actively checking whether all the rules are being followed:

63 deaths since yesterday, highest number so far

In the past 24 hours, 63 people in the Netherlands have died from the effects of the coronavirus, the RIVM reports. That is the highest number so far. The death toll now stands at 276. The number of hospital admissions rose by 265 to 1495, also a new daily record.

Over the past week, the police received fewer reports of burglaries, bicycle theft and pickpocketing. There were also fewer traffic accidents. However, there were more registered cases of nuisance in neighbourhoods. This emerges from a first analysis by the police since the cabinet announced measures against the spread of the coronavirus.

China eases measures, US goes into lockdown

The Chinese authorities are relaxing the strict travel regime in Hubei province. From tomorrow, residents who hold a health certificate may travel within the province again, with the exception of the city of Wuhan. The worldwide corona crisis broke out in that city of millions at the end of 2019.

In the United States, more and more Americans are being urgently advised to stay at home as much as possible, in order to slow the spread of the coronavirus. In New York alone there are more than 25,000 infected people, and those numbers are doubling every three days according to Governor Andrew Cuomo.

President Trump wants to lift the corona measures again quickly, so as not to harm the economy too much:

19 Mar 18:54

Work-from-Home Security Advice

by Bruce Schneier

SANS has made freely available its "Work-from-Home Awareness Kit."

When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems:

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren't protected by the organization's security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they're either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of "doing things differently" is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can't walk down the hall to confirm the email's validity -- and when everyone is distracted and so many other things are being done differently.

Worrying about network security seems almost quaint in the face of the massive health risks from COVID-19, but attacks on infrastructure can have effects far greater than the infrastructure itself. Stay safe, everyone, and help keep your networks safe as well.

05 Mar 23:53

Umberto Eco

"I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth."
27 Feb 13:00

Jodie Foster

"Normal is not something to aspire to, it's something to get away from."
12 Feb 20:48

I am not proposing a return to the Stone Age. My intent is not...



I am not proposing a return to the Stone Age. My intent is not reactionary, nor even conservative, but simply subversive. It seems that the utopian imagination is trapped, like capitalism and industrialism and the human population, in a one-way future consisting only of growth. All I’m trying to do is figure out how to put a pig on the tracks.

| Ursula Le Guin

12 Feb 20:42

Companies that Scrape Your Email

by Bruce Schneier

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others:

Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients."

That document describes Edison as providing "consumer purchase metrics including brand loyalty, wallet share, purchase preferences, etc." The document adds that the "source" of the data is the "Edison Email App."

[...]

A dataset obtained by Motherboard shows what some of the information pulled from free email app users' inboxes looks like. A spreadsheet containing data from Rakuten's Slice, an app that scrapes a user's inbox so they can better track packages or get their money back once a product goes down in price, contains the item that an app user bought from a specific brand, what they paid, and a unique identification code for each buyer.

07 Sep 14:23

The Perfect User

by Cherie Lacey; Catherine Caudwell; Alex Beattie
Maxim Bange

Thank you for sharing!

On June 9, former Google designer turned tech critic Tristan Harris tweeted: “We need a new field of ‘Society & Technology Interaction’ (or STX).” This “new field,” he wrote, would research ways to realign technology so that it worked in the best interests of humanity. But as some academics and social scientists were swift to point out, it is not as if such critical approaches don’t already exist. They responded to Harris’s tweet by noting his apparent ignorance of entire swathes of academic research, including science and technology studies (STS), internet and platform studies, and other various subfields within the social sciences and humanities that have been critiquing design and technological practices for decades. Some replies accused Harris of “Columbizing,” claiming to discover a territory that already exists.

More than merely an amusing Twitter roasting, however, this episode marks a key moment in the emerging discourse of “tech humanism,” which, as Ben Tarnoff and Moira Weigel explain in this essay for the Guardian, is the belief that technology “damages our psychological well-being and conditions us to behave in ways that diminish our humanity.” In other words, technology in their view now compromises the quintessentially human capacity for individual decision making.

The “human” is not a self-evident category

Harris’s tweet was part of a wider discussion among advocates for “humane technology” such as Aza Raskin and Aviv Ovadya, who argue that user-experience (UX) design — the practice of tailoring a product to users’ anticipated behavioral responses, with the aim of making it easy or compelling to use — has led to a general “downgrade” of humanity, evidenced by digital addiction, increased superficiality, and an overall decline of mental health and political and media discourse. A critical approach to UX, they say, would help shed light on its negative effects. Harris’s Center for Humane Technology seems to have been launched with that aim in mind. But as Maya Ganesh, Lilly Irani and Rumman Chowdhury, and others have noted, the idea of humane technology is at best a technical critique of UX design practices and culture that repositions Silicon Valley entrepreneurs, designers, and programmers as the ideal reformers of humanity.

The tech-humanist movement raises important questions about how UX design configures human beings as “users” according to the culture and ideology of the tech sector. This echoes the work of STS scholars like Benjamin Bratton, Tung-Hui Hu, Orit Halpern, and Wendy Chun, who have made similar points. But tech humanism appears to take for granted the fundamental unit that motivates its critique: the “human” subject. For Harris and company, the human subject appears to be a transparent, knowable, monadic unit of being, more or less consistent with the humanist subject of the Enlightenment. They treat what a “human” is and does as self-evident, overlooking the ways that the category of the human has been used to dehumanize certain people and groups who fall outside their limited definition (i.e. women, people of color, non-able bodies, etc.). The “human” is not a self-evident category at all but rather a political and ideological tool that has long been used to maintain existing hierarchies, excluding some people to the benefit of others.

The arch response Harris received to his STX tweet might be read as part of ongoing debates, in STS and elsewhere, regarding who gets to define the “human,” as well as who gets to be considered most fully human in our current techno-social predicament. Our concern is that tech humanism not only underestimates what it takes to comprehend the category of “the human” but that its attempts to reform “humanity” may reinstate humanism’s old hierarchies of power and control.


Traditional humanism defined the “human” as a rational, sovereign agent. In Rosi Braidotti’s estimation, this means “the classical ideal of ‘Man,’ formulated first by Protagoras as ‘the measure of all things,’ later renewed in the Italian Renaissance as a universal model and represented in Leonardo da Vinci’s Vitruvian Man.” Cary Wolfe has explained this idea of the “human” as “the Cartesian subject of the cogito, the Kantian ‘community of reasonable beings,’ or, in more sociological terms, the subject as citizen, rights-holder, property-owner, and so on.” This Enlightenment notion of the human continues to enjoy widespread consensus, carrying with it a reassuring familiarity and appearing as common sense. An attachment to this notion of the human is often asserted as if it were a matter of fact, a given — so much so that, as Braidotti points out, we construct a fundamental notion of rights around it.

It is no coincidence that websites promoting disconnection tools and events often feature striking images of untouched mountains

Though this definition of “human” is often taken as natural and self-evident, it has also been subject to critique. The anti-humanist movements of postwar Europe (associated with figures such as Michel Foucault, Jacques Derrida, Gilles Deleuze, and Jacques Lacan) and the more recent posthuman movement (associated with Rosi Braidotti, Cary Wolfe, Francesca Ferrando, among others) have systematically critiqued this humanist figure for its partiality. As Braidotti summarizes:

Universal “Man,” in fact, is implicitly assumed to be masculine, white, urbanized, speaking a standard language, heterosexually inscribed in a reproductive unit and a full citizen of a recognized polity. How nonrepresentative can you get?

The concept is also critiqued for putting forward the notion of man as the hegemonic and rightfully dominant species.

Tech humanism, in foregrounding the need to preserve “the human,” is in danger of reviving the old humanist approach, only its definition of Universal Man is framed around the ideal user implicit in the protocols of UX design. Humanism’s “unshakable certainty [in] the almost boundless capacity of humans to pursue their individual and collective perfectibility” (as Rosi Braidotti puts it in The Posthuman) is finding new form in the Perfect User: a thoroughly designed, homogenous subject position that one may momentarily step into by engaging in digital healthism and digital well-being practices. Its proximate roots are in Californian wellness culture (described here by Daniela Blei), which attempts to align intentional technology use with self-mastery. Today’s aspirational subject can engage in activities such as intentional eating, intentional house design, and intentional human speaking. And, of course, intentional phone use.

Drawing from wellness culture, tech humanism adopts as one of its central tenets the perfectibility of the subject, pursuable through such activities as mindfulness, digital minimalism, productivity, self-discipline, and intentionality. Inherent in the movement is the elitist assumption that everyone has the time and means to be unconnected. For the Perfect User, retreating from the digital world means attending custom-designed events and festivals, like the Go Brick Phone-Free Getaway and, of course, Burning Man, where being screen-free will have only positive consequences. It is no coincidence that websites promoting disconnection tools and events often feature striking images of untouched mountains, because the Perfect User has the ability to travel in pursuit of self-improvement.

There is also a fundamental assumption that users have, or should have, a dominant, guiding and aspirational intention in ideological alignment with the Center for Humane Technology’s Humane Design Guide. Central to the center’s ideology is the humanist belief that individuals should act in concert with their own intentions. Accordingly, UX design practices can and should enhance the human condition by aligning design to human intention. As part of this determinist, the CHT website (under a header of Take Control) offers tips on, for example, how to temper one’s phone habit, with links to recommended mindfulness or time-management apps like Calm and Moment. These tips reinforce an approach to technology founded in what Adam Fish calls “digital healthism,” which positions the individual as responsible for their digital consumption.

But for tech humanism, the same potent persuasive technology design that is pitched here as the solution was also the source of the problem, fomenting unintentional or unconscious phone use through its irresistible snares. The movement’s ostensible mission is to maintain and protect individual sovereignty and restore intentionality, yet it relies on the same sort of assumption about the conditioning powers of UX design to achieve it.

Tech humanism insists that one be a user to be recognized as human. The fantasy-structure of intentionality encourages an aspirational form of digital consumption

Exactly how does UX design configure the Perfect User? And whose interests does this user serve? Among the apps meant to rescue users from distraction is Siempo, which tries to restore intentionality by redrawing the phone interface and reorganizing the app inventory to make “distracting” features less accessible. During its onboarding process, the app asks, “What’s your intention?” which it then reminds users of every time they unlock their phone or swipe to additional screens. Constantly reminding the user of their intention nudges the user to self-manage their digital consumption and aspire to healthier, more productive, or otherwise self-optimal modes of living. With Siempo installed, the phone becomes akin to Foucault’s “body-tool,” demanding of the user continuous, intentional behavior. The phone as body-tool prompts the user to engage in self-surveillance and self-discipline, subjugating themselves to the modes of use that have been designed into the app.

Another tool, the Intent Launcher of the Add Intent suite, further reveals the kinds of activities the Perfect User is encouraged to strive for. Although the app’s purpose is presented relatively neutrally as “developing tools that put you back in control,” the overall design promotes a specific lifestyle ideology. Its design is text-only, to counteract “flashy icons trying to get your attention.” It suggests that users organize their phone apps into “Essentials” (it lists Amazon Kindle, Camera, Inbox, Messages, Phone, Slack, and Spotify) and “Distractions” (Facebook, Twitter, Instagram, and YouTube). These lists seem to discourage apps where the user engages more directly with others and with the outside world, and encourage as potentially “enriching” activities like reading and listening to music.

Regardless of how worthy their causes may be, both these apps require the user to enter into a thoroughly designed user-position — the Perfect User — to even be recognized as a subject by the socio-technical apparatus. One cannot function as a user without conforming to the modes of use that have been designed into the system. Put differently, apps like Siempo and Add Intent are actively involved in producing the kind of subject with which they claim to interact. The user of these systems remains a docile subject to be brought under control and disciplined, but the fantasy-structure of intentionality masks the ideological functioning of the apps, not to mention the broader structures of wellness capitalism itself, by encouraging an aspirational form of digital consumption. Tech humanism more or less insists that one be a user to be recognized as human. This move keeps us tethered to classic humanist structures of categorization, whereby some users are considered better than others.

The Perfect User may appear to be a self-evidently superior form of subjectivity well-suited to the pressures of our techno-social age, but that should not blind us to the relational politics and ideological entanglements that lie behind it. Though it seems rooted in wellness and empowerment, it implicitly retains the hierarchies and exclusions of enlightenment humanism by assuming the nature of the “human” subject it requires.

Although the humane tech movement’s attempts to reconfigure a “better” user-subject may be well-intentioned, we also need to acknowledge the political and ideological assumptions underpinning it. This may help to avoid a situation in which a relatively small group of Silicon Valley tech entrepreneurs, developers, and designers are reforming humanity according to a privileged set of values and ideals.

26 Aug 23:28

Henry David Thoreau

"Success usually comes to those who are too busy to be looking for it."

14 Aug 10:59

Exploiting GDPR to Get Private Information

by Bruce Schneier

A researcher abused the GDPR to get information on his fiancee:

It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

"Generally if it was an extremely large company -- especially tech ones -- they tended to do really well," he told the BBC.

"Small companies tended to ignore me.

"But the kind of mid-sized businesses that knew about GDPR, but maybe didn't have much of a specialised process [to handle requests], failed."

He declined to identify the organisations that had mishandled the requests, but said they had included:

  • a UK hotel chain that shared a complete record of his partner's overnight stays

  • two UK rail companies that provided records of all the journeys she had taken with them over several years

  • a US-based educational company that handed over her high school grades, mother's maiden name and the results of a criminal background check survey.

24 Jun 11:21

Bill Gates says his ‘greatest mistake ever’ was Microsoft losing to Android

by Tom Warren

Microsoft co-founder Bill Gates has been reflecting on his time at the company when crucial decisions were made over its mobile operating system. During a recent interview at Village Global, a venture capital firm, Gates revealed his “greatest mistake ever” was Microsoft missing the Android opportunity:

“In the software world, particularly for platforms, these are winner-take-all markets. So the greatest mistake ever is whatever mismanagement I engaged in that caused Microsoft not to be what Android is. That is, Android is the standard non-Apple phone platform. That was a natural thing for Microsoft to win. It really is winner take all. If you’re there with half as many apps or 90 percent as many apps, you’re on your way to complete...

09 Jun 18:35

W. C. Fields

"Reminds me of my safari in Africa. Somebody forgot the corkscrew and for several days we had to live on nothing but food and water."

27 May 10:48

Donald H. Rumsfeld

"If you are not criticized, you may not be doing much."

23 May 11:07

Marie Curie

"I am among those who think that science has great beauty. A scientist in his laboratory is not only a technician: he is also a child placed before natural phenomena which impress him like a fairy tale."

13 Apr 11:02

Maliciously Tampering with Medical Imagery

by Bruce Schneier

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists.

I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all kinds is undetectably manipulatable, they're going to have to start.

Research paper. Slashdot thread.

03 Apr 10:42

Hacking Instagram to Get Free Meals in Exchange for Positive Reviews

by Bruce Schneier

This is a fascinating hack:

In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that.

I created an Instagram page that showcased pictures of New York City's skylines, iconic spots, elegant skyscrapers -- you name it. The page has amassed a following of over 25,000 users in the NYC area and it's still rapidly growing.

I reach out to restaurants in the area either via Instagram's direct messaging or email and offer to post a positive review in return for a free entree or at least a discount. Almost every restaurant I've messaged came back at me with a compensated meal or a gift card. Most places have an allocated marketing budget for these types of things so they were happy to offer me a free dining experience in exchange for a promotion. I've ended up giving some of these meals away to my friends and family because at times I had too many queued up to use myself.

The beauty of this all is that I automated the whole thing. And I mean 100% of it. I wrote code that finds these pictures or videos, makes a caption, adds hashtags, credits where the picture or video comes from, weeds out bad or spammy posts, posts them, follows and unfollows users, likes pictures, monitors my inbox, and most importantly -- both direct messages and emails restaurants about a potential promotion. Since its inception, I haven't even really logged into the account. I spend zero time on it. It's essentially a robot that operates like a human, but the average viewer can't tell the difference. And as the programmer, I get to sit back and admire its (and my) work.

So much going on in this project.

15 Mar 13:39

Solomon Short

"I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with typewriters."

01 Mar 21:25

As More Universities ‘Ditch’ Elsevier, Sci-Hub Blossoms

by Ernesto

Little more than three years ago, Elsevier, one of the world’s largest academic publishers, took Sci-Hub to court.

It was a mismatched battle from the start. With a net income of more than $2.4 billion per year, the publisher could fund a proper case, while its nemesis relied on donations.

Elsevier won the case, including millions of dollars in damages. However, the site remained online and grew bigger. Ironically, the academic publisher itself appears to be one of the main drivers of this growth.

In recent years there has been a major push in academic circles to move to Open Access publishing. Instead of locking academic publications behind paywalls, they should be freely available to researchers around the world as well as the public at large, the argument goes.

There has been some progress on this front, but it’s been slow. Meanwhile, Elsevier and other publishers continue to sell expensive subscriptions to universities. So expensive, that many institutions can’t afford them.

This means that their researchers run into paywalls, so they can’t do their work properly. It’s an absurd situation for the academic world, which is built on the premise that researchers build upon the work of others.

In an attempt to force a breakthrough, the University of California (UC), which includes ten campuses, requested that all its research be made available to the public from Elsevier without cost. This was possible, but only if UC’s authors paid extra publishing fees.

This was not an option for UC, which already had to pay a multi-million dollar subscription, so it cut its ties with Elsevier. The university notes that it doesn’t want to pay the rapidly escalating costs when its own work isn’t freely available.

This isn’t a problem that’s limited to UC; many other institutions can’t or are not willing to pay millions in subscription fees. This has reached a point where it’s pretty much impossible, even for wealthy universities, to access all academic knowledge.

“Make no mistake: The prices of scientific journals now are so high that not a single university in the U.S. — not the University of California, not Harvard, no institution — can afford to subscribe to them all,” says Jeffrey MacKie-Mason, university librarian and economics professor at UC Berkeley.

“Publishing our scholarship behind a paywall deprives people of the access to and benefits of publicly funded research. That is terrible for society,” MacKie-Mason adds.

This issue is not new and Elsevier is not the only publisher to demand high subscription fees. As the largest academic publisher, however, the effects of canceled subscriptions are felt most at Elsevier.

Several universities from Germany, Hungary, and Sweden previously let their Elsevier subscriptions expire, which means that tens of thousands of researchers don’t have access to research that is critical to their work.

This is where Sci-Hub comes into play.

The “Pirate Bay of Science” might just quietly play a major role in this conflict. Would the universities cancel their subscriptions so easily if their researchers couldn’t use Sci-Hub to get free copies?

Without access to critical research, their employees can’t function properly, so this ‘pirate’ backup comes in handy for sure.

Sci-Hub founder Alexandra Elbakyan has always been forthcoming about her goals. Sci-Hub wants to remove all barriers in the way of science. She also made that crystal clear when we interviewed her back in 2015.

“Everyone should have access to knowledge regardless of their income or affiliation. And that’s absolutely legal. Also, the idea that knowledge can be a private property of some commercial company sounds absolutely weird to me,” she said at the time.

While Sci-Hub may not be a permanent solution, its existence definitely plays a major role as a bargaining chip in a changing academic publishing world. While it’s early days, Sci-Hub certainly helped to make the paywalls crumble.

A quick look at some traffic stats shows that the site’s visitors continue to grow at a rapid rate, and with UC’s most recent decision to cancel its Elsevier subscription, this trend is likely to continue.

Source: TF

01 Mar 15:44

These websites violate your privacy without asking

Maxim Bange

Name and shame

Hundreds of websites violate your privacy without asking, the NOS reported earlier today. But which sites exactly are guilty of this? We list them below.

Because the list would otherwise be too long, we only show websites that, at the time of the study, placed two or more tracking cookies, small files that follow your internet behaviour.

The study dates from mid-February; websites may have taken measures in the meantime, or the situation may have changed for other reasons.

The websites that placed tracking cookies without asking also include two political parties, namely PvdA and Forum voor Democratie. The PvdA has since taken action; according to the party it was a mistake and the tracking cookie was not actually used. Forum voor Democratie could not be reached for comment.

Health insurer CZ confirms that it placed tracking cookies, but says this happened without the company knowing.

One of the websites that placed the most tracking cookies is that of RTV Rijnmond. That was due to an error, which has since been corrected, the broadcaster says. An analysis of the tracking cookies that were placed shows that the cookies originate from countries ranging from the United States to China. Visitors to Linda and Lindanieuws are also exposed to cookies from various countries: from Malaysia and Japan to Poland and Russia.

Some of the websites, such as Nu.nl and Startpagina, operate in a grey area and place tracking cookies if you ignore the cookie notice. The idea: if you keep using the website, you apparently agree. But lawyers have reservations about that. Ultimately, a court will have to rule on whether this practice is acceptable.

19 Feb 14:27

Linux Mint 19.1: A sneaky popular distro skips upheaval, offers small upgrades

by Ars Staff

Cinnamon 4.0's new look in Linux Mint 19.1 (credit: Scott Gilbertson)

While Ubuntu and Red Hat grabbed most of the Linux headlines last year, Linux Mint, once the darling of the tech press, had a relatively quiet year. Perhaps that's understandable with IBM buying Red Hat and Canonical moving back to the GNOME desktop. For the most part Linux Mint and its developers seemed to keep their heads down, working away while others enjoyed the limelight. Still, the Linux Mint team did churn out version 19, which brought the distro up to the Ubuntu 18.04 base.

While the new release may not have garnered mass attention, and probably isn't anyone's top pick for "the cloud," Linux Mint nevertheless remains the distro I see most frequently in the real world. When I watch a Linux tutorial or screen cast on YouTube, odds are I'll see the Linux Mint logo in the toolbar. When I see someone using Linux at the coffee shop, it usually turns out to be Linux Mint. When I ask fellow Linux users which distro they use, the main answers are Ubuntu... and Linux Mint. All of that is anecdotal, but it still points to a simple truth. For a distro that has seen little press lately, Linux Mint manages to remain popular with users.

There's a good reason for that popularity: Linux Mint just works. It isn't "changing the desktop computer paradigm," or "innovating" in "groundbreaking" ways. The team behind Mint is just building a desktop operating system that looks and functions a lot like every other desktop operating system you've used, which is to say you'll be immediately comfortable and stop thinking about your desktop and start using it to do actual work.

21 Dec 16:25

Drone Denial-of-Service Attack against Gatwick Airport

by Bruce Schneier

Someone is flying a drone over Gatwick Airport in order to disrupt service:

Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption. We have had within the last hour another drone sighting so at this stage we are not open and I cannot tell you what time we will open.

"It was on the airport, seen by the police and corroborated. So having seen that drone that close to the runway it was unsafe to reopen."

The economics of this kind of thing isn't in our favor. A drone is cheap. Closing an airport for a day is very expensive.

I don't think we're going to solve this by jammers, or GPS-enabled drones that won't fly over restricted areas. I've seen some technologies that will safely disable drones in flight, but I'm not optimistic about those in the near term. The best defense is probably punitive penalties for anyone doing something like this -- enough to discourage others.

There are a lot of similar security situations, in which the cost to attack is vastly cheaper than 1) the damage caused by the attack, and 2) the cost to defend. I have long believed that this sort of thing represents an existential threat to our society.

EDITED TO ADD (12/23): The airport has deployed some anti-drone technology and reopened.